In network security, encryption and integrity done by the same algorithm that is AES-CCM in that MIC generated by CBC-MAC and encryption done by CTR mode. So suppose I want to do encryption with any ...

I have done a lab about wireless sensor nodes and got in touch with encryption for the very first time. There are some questions on my sheet, especially on integrity protection (the attacker wants to ...

I've been studying message authentication codes and I was wondering why a MAC can only be produced with AES in CBC and CFB mode and why not the other modes such as ECB, OFB and counter.
Why are CBC ...

I was doing some self-initiated knowledge gathering about digests, signatures and hmacs and I ran across the fact that you can use CBC as a MAC, but if the message size is not fixed; then it is not ...

I've got an API spec that specifies NRPAD and FPAD as possible padding schemes. I see these being used together with the Korean SEED algorithm. The SEED specification however is void of any padding ...

The DES retail MAC, also known as ISO 9797-1 mode 3 with DES, computes the MAC of a block of data using a 16-byte (112 bit) key. It can be seen as CBC-MAC using simple DES with the first half of the ...

I use AES both CBC and CBC-MAC to encrypt some stuff. I generate one key for CBC and one different key for CBC-MAC.
Does the second key (for CBC-MAC) need to be secret?
How to join such key with the ...

I want to ask again about distinguishing attack on CBC MAC, based on the paper published by Ketting Jia, Xiaoyun Wang, Zheng Yuan, and Guangwu Xu: Distinguishing Attack and Second-Preimage Attack on ...

I know that length prepending improves security of CBC-MAC. However, wouldn't inserting the length elsewhere (middle, end or any other part of message) be equally good? After all, even the length is ...

I have two devices that need to verify that they both are in possesion of the same secret key. One of the devices is a very limited embedded device that only has AES128 available, no SHA or other hash ...

CBC-MAC, with fixed length message.
Is it safe to return all ciphered blocks instead of the last?
My intuition says it is less secure, since is gives an attacker more information.
But how could one ...